1. Field of the Invention
The present invention relates to an electronic watermark system, an electronic information distribution system and an image filing apparatus, and in particular to an electronic watermark technique for protecting a copyright for digital information, such as moving picture data, static picture data, audio data, computer data and computer programs, to a multimedia network for employing such an electronic watermark technique for the distribution of digital information, and to an image filing apparatus that employs such a multimedia network.
2. Related Background Art
As a consequence of recent developments concerning computer networks and the availability of inexpensive high-performance computers, electronic transactions for trading products across a network have become popular. Products for such transactions can be digital data, including pictures, for example.
However, since a large number of complete copies of digital data can be easily prepared, a user who purchases digital data would be able to illegally prepare copies having the same quality as the original, and could then distribute the copied data. As a result, a warrantable price would not be paid to the owner of the copyright for the digital data or to a person (hereinafter referred to as a "seller") by whom sale of the digital data is authorized by the copyright owner, and the infringement of the copyright would occur.
Once a copyright holder or a seller (hereinafter a person who legally distributes digital data is generally called a "server") has transmitted digital data to a user, full protection against the illegal copying of data is not possible.
Therefore, an electronic watermark technique has been proposed for use instead of a method for the direct prevention of illegal copying. According to the electronic watermark technique, a specific process is performed for the original digital data and copyright information concerning the digital data, or user information, is embedded in the digital data, so that when an illegal copy of the digital data is discovered, the person who distributed the copied data can be identified.
In a conventional electronic watermark system, a server is assumed to be fully trustworthy. Therefore, if a server in a conventional system proves not to be trustworthy, and may engage in some sort of illegal activities, a user who has committed no crime may be accused of illegally copying data.
This occurs because in a conventional electronic watermark system, as is shown in FIG. 1, when a server embeds user information d1 for identifying a user (user U in FIG. 1) in digital data g (in the following explanation image data are employed as the digital data) distributed to the user, and thereafter, without the permission of the user makes a further distribution of the data containing the user's identification data and then accuses the user of making illegal copies, there is no way the user can refute the accusation of the server, even though in this instance it is the server that is at fault.
As a countermeasure, a system (FIG. 2) using a public key encryption method has been proposed, for example, in "Asymmetric Finger Printing", B. Pfitzmann and M. Waidner, EUROCRYPT '96 (hereinafter referred to as reference 1). According to the public key encryption method, an encryption key and a decryption key differ, and the encryption key is used as a public key while the decryption key is used as a secret key. The RSA encryption and the ElGamal encryption are well known as typical examples for the public key encryption.
An explanation will be given for (a) features of the public key encryption system and (b) protocols for secret communication and authenticated communication.
(a) Features of public key encryption
(1) Since an encryption key and a decryption key differ, and the encryption key can be published, a secret delivery process is not required for the encryption key and it can be delivered easily.
(2) Since the encryption keys of users are published, users need only provide for the secret storage of their decryption keys.
(3) An authentication function can be provided with which a recipient can verify that the sender of a message is not perpetrating a fraud and that the received message has not been altered.
(b) Protocols for public key encryption
For example, when E (kp, M) denotes an encryption operation for a message M that uses a public encryption key kp, and D (ks, M) denotes a decryption operation for a message M that uses a secret decryption key ks, the public key encryption algorithm satisfies the two following conditions.
(1) The calculations for the encryption E (kp, M) can be performed easily using the encryption key kp that is provided, and the calculations for the decryption D (ks, M) can also be performed easily using the decryption key ks that is provided.
(2) So long as a user does not know the decryption key ks, even if the user knows the encryption key kp and the calculation procedures for the encryption E (kp, M), and that the encrypted message C=E (kp, M), the user can not ascertain the contents of the message M because a large number of calculations are required.
When, in addition to the conditions (1) and (2), the following condition (3) is established, the secret communication function can be implemented.
(3) The encryption E (kp, M) can be defined for all the messages (plain text) M, and
D(ks, E(kp, M))=M
is established. That is, anyone can perform the calculations for the encryption E (kp, M) using the public encryption key kp, but only a user who has the secret decryption key ks can perform the calculations for the decryption D (ks, E (kp, M)) to obtain the message M.
When, in addition to the above conditions (1) and (2), the following condition (4) is established the authenticated communication function can be implemented.
(4) The decryption D (ks, M) can be defined for all the messages (plain text) M, and
E(kp, D(ks, M))=M
is established. That is, only a user who has the secret decryption key ks can calculate the decryption D (ks, M). Even if another user calculates D (ks′, M) using a bogus secret decryption key ks′ and performs the calculations as would a user who has the secret decryption key ks, the result obtained is
E(kp, D(ks′, M))≠M,
and a recipient can understand that the received information was illegally prepared.
When the value D (ks, M) is altered, the result is
E(kp, D(ks, M)′)≠M,
and a recipient can understand that the received information was illegally prepared.
In the above described encryption method, the operation E ( ), using the public encryption key (hereinafter also referred to as a public key) kp, is called "encryption", and the operation D ( ), using the secret decryption key (hereinafter also referred to as a secret key) ks, is called "decryption".
Therefore, for a secret communication a sender performs the encryption and a recipient performs the decryption, while for an authenticated communication, a sender performs the decryption and a recipient performs the encryption.
The protocols are shown for a secret communication, an authenticated communication, and a secret communication with a signature performed by a sender A for a recipient B using the public key encryption system.
The secret key of the sender A is ksA and the public key is kpA, and the secret key of the recipient B is ksB and the public key is kpB.
The following procedures are performed for the secret transmission of a message (plain text) M from the sender A to the recipient B.
Step 1: The sender A transmits to the recipient B a message C that is obtained by employing the public key kpB of the recipient B to encrypt the message M as follows:
C=E(kpB,M).
Step 2: To obtain the original plain language message M, the recipient B employs his or her secret key ksB to decrypt the received message C as follows:
M=D(ksB,C).
Since the public key kpB of the recipient B is openly available to an unspecified number of people, users other than the sender A can also transmit secret communications to the recipient B.
For the authenticated transmission of a message (plain text) M from the sender A to the recipient B, the following procedures are performed.
Step 1: The sender A transmits to the recipient B a message S that he or she created by employing his or her secret key as follows:
S=D(ksA,M).
This message S is called a signed message, and the operation for acquiring the signed message S is called "signing".
Step 2: To convert the signed message S and obtain the original plain language message M, the recipient B employs the public key kpA of the sender A as follows:
M=E(kpA,S).
If the recipient B ascertains that the message M makes sense, he or she issues verification that the message M has been transmitted by the sender A. And since the public key kpA of the sender A is available to an unspecified number of persons, users other than the recipient B can also authenticate the signed message S from the sender A. This authentication is called "digital signing".
The following procedures are performed for the secret transmission to the recipient B by the sender A of a message (plain text) M for which a signature is provided.
Step 1: The sender A prepares a signed message S by employing his or her secret key ksA to sign the message M as follows:
S=D(ksA,M).
Furthermore, to obtain an encrypted message C that is thereafter transmitted to the recipient B, the sender A employs the public key kpB of the recipient B to encrypt the signed message S as follows:
C=E(kpB,S).
Step 2: To obtain the signed message S the recipient B employs his or her secret key ksB to decrypt the encrypted message C as follows:
S=D(ksB,C).
In addition, to obtain the original plain text message M, the recipient B employs the public key kpA of the sender A to convert the signed message S as follows:
M=E(kpA, S).
When the recipient has ascertained that the message M makes sense, he or she verifies that the message M was transmitted by the sender A.
For a secret communication for which a signature has been provided, the order in which the calculating functions are performed at the individual steps may be inverted. In other words, in the above procedures,
Step 1: C=E (kpB, D (ksA, M))
Step 2: M=E (kpA, D (ksB, C))
are calculated in this order. However, for calculations performed for such a secret communication, the following order may be employed:
Step 1: C=D (ksA, E (kpB, M))
Step 2: M=D (ksB, E (kpA, C)).
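The two orderings above, together with the ≠M checks of condition (4), as an added Python example that is not part of the original document. It uses textbook RSA without padding; the toy primes, the exponent 65537, the message value and all function names are constructed for illustration, and each ordering is run in the direction where the inner result fits under the outer modulus, a size condition the text leaves implicit.

```python
# Added illustration: textbook RSA in the page's E/D notation (toy keys, no padding).
from collections import namedtuple

Key = namedtuple("Key", "n e d")   # (n, e) is the public key kp, d the secret key ks


def make_key(p, q, e=65537):
    """Build a toy RSA key from two known primes (constructed values)."""
    return Key(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


KEY_A = make_key(104729, 1299709)         # party A, smaller modulus
KEY_B = make_key(15485863, 2147483647)    # party B, larger modulus


def _fits(n, x):
    # A value must lie below the modulus, otherwise the operation is not invertible.
    if not 0 <= x < n:
        raise ValueError("value does not fit under this modulus")
    return x


def E(key, m):
    """E(kp, M): operation with the public key."""
    return pow(_fits(key.n, m), key.e, key.n)


def D(key, c, d=None):
    """D(ks, M): operation with the secret key; d substitutes a bogus key ks'."""
    return pow(_fits(key.n, c), key.d if d is None else d, key.n)


# First ordering. For brevity each function receives whole Key tuples; a real
# party only holds its own d and the other party's (n, e).
def sign_then_encrypt(sender, recipient, m):
    return E(recipient, D(sender, m))        # Step 1: C = E(kpB, D(ksA, M))


def decrypt_then_verify(sender, recipient, c):
    return E(sender, D(recipient, c))        # Step 2: M = E(kpA, D(ksB, C))


# Inverted ordering.
def encrypt_then_sign(sender, recipient, m):
    return D(sender, E(recipient, m))        # Step 1: C = D(ksA, E(kpB, M))


def verify_then_decrypt(sender, recipient, c):
    return D(recipient, E(sender, c))        # Step 2: M = D(ksB, E(kpA, C))


def demo(m=31337):
    # A -> B, first ordering: the signed value is below nA, and nA < nB.
    c = sign_then_encrypt(KEY_A, KEY_B, m)
    received = decrypt_then_verify(KEY_A, KEY_B, c)

    # Condition (4): an altered signed message no longer converts back to M.
    s = D(KEY_A, m)
    altered = E(KEY_A, (s + 1) % KEY_A.n)

    # Condition (4): a message "signed" with a bogus key ks' does not yield M.
    forged = E(KEY_A, D(KEY_A, m, d=KEY_A.d + 1))

    # B -> A, inverted ordering: E(kpA, M) is below nA, and nA < nB.
    c2 = encrypt_then_sign(KEY_B, KEY_A, m)
    received2 = verify_then_decrypt(KEY_B, KEY_A, c2)
    return received, altered, forged, received2


if __name__ == "__main__":
    print(demo())
```
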
An explanation will now be given for the operating procedures for a conventional electronic watermark system employing the above described public key encryption method.
1) First, a contract d2 concerning the trading of image data g is prepared by a server and a user.
2) Next, the user generates a random number ID to identify himself or herself, and employs this ID to generate a one-way function f. The one-way function is a function such that for a function y=f(x), calculating y from x is easy but calculating x from y is difficult. For example, a unique factorization or a discrete logarithm for an integer having a number of digits is frequently employed as a one-way function.
3) Then, the user prepares the signature information d3 using his or her secret key ksU, and transmits it with the contract d2 and the one-way function f to the server.
4) Following this, the server verifies the signature information d3 and the contract d2 using the public key kpU of the user.
5) After the verification has been completed, the server embeds in the image data g a current data distribution record d4 and a random number ID prepared by the user, and generates image data which includes an electronic watermark (g+d4+ID).
6) Finally, the server transmits to the user the image data that includes the electronic watermark (g+d4+ID).
When an illegal copy of data is found, embedded information is extracted from the illegal image data, and a specific user is identified using the ID included therein. At this time, a claim by the server that it did not distribute the illegal copy without permission is based on the following grounds.
Since the ID specifically identifying a user is generated by the user, and since by using that ID the signature of the user is provided for the one-way function f, the server can not generate such an ID for an arbitrary user.
However, since a user who has officially concluded a contract with the server must transmit his or her ID to the server, only users who have not made contracts with the server can not be accused of committing a crime, whereas a user who has officially concluded a contract can be so accused.
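Steps 1) to 6) and the weakness just described, as an added Python example that is not part of the original document. The least-significant-bit embedding, the parameters p and g of the one-way function, the field widths and all names are assumptions made for illustration, and the signature d3 of steps 3) and 4) is left out.

```python
# Added illustration of the FIG. 2 flow; every value here is constructed.
import secrets

P_DL = 2**61 - 1             # prime modulus of the toy one-way function (assumed)
G_DL = 3                     # base (assumed)
D4_BITS, ID_BITS = 16, 48    # widths of the embedded fields (assumed)
NBITS = D4_BITS + ID_BITS


def f(x):
    """One-way function y = f(x) = g^x mod p (discrete logarithm)."""
    return pow(G_DL, x, P_DL)


def embed(image, d4, user_id):
    """Step 5: build g+d4+ID by overwriting the lowest bit of successive bytes."""
    if len(image) < NBITS:
        raise ValueError("image too small for the watermark")
    if not (0 <= d4 < 1 << D4_BITS and 0 <= user_id < 1 << ID_BITS):
        raise ValueError("field out of range")
    payload = (d4 << ID_BITS) | user_id
    out = bytearray(image)
    for i in range(NBITS):
        bit = (payload >> (NBITS - 1 - i)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(marked):
    """Read the distribution record d4 and the ID back out of a copy."""
    payload = 0
    for byte in marked[:NBITS]:
        payload = (payload << 1) | (byte & 1)
    return payload >> ID_BITS, payload & ((1 << ID_BITS) - 1)


class Server:
    def __init__(self, image):
        self.image = image
        self.contracts = []          # (user name, y = f(ID), ID, d4)

    def sell(self, name, user_id, y, d4):
        # The server checks the ID against the one-way value, then embeds it.
        if f(user_id) != y:
            raise ValueError("ID does not match the one-way value")
        self.contracts.append((name, y, user_id, d4))
        return embed(self.image, d4, user_id)     # step 6: sent to the user

    def identify(self, found_copy):
        """Name the contracted user whose one-way value matches the found ID."""
        _, found_id = extract(found_copy)
        y = f(found_id)
        for name, stored_y, _, _ in self.contracts:
            if stored_y == y:
                return name
        return None

    def rebuild_copy(self, name):
        """The marked copy as the server can produce it without the user."""
        for contract_name, _, user_id, d4 in self.contracts:
            if contract_name == name:
                return embed(self.image, d4, user_id)
        raise KeyError(name)


def demo():
    image = bytes(range(256))               # constructed stand-in for image data g
    server = Server(image)
    user_id = secrets.randbits(ID_BITS)     # step 2: the user's random ID
    sold = server.sell("U", user_id, f(user_id), d4=0x0001)
    rebuilt = server.rebuild_copy("U")
    # The copy held by the user and the copy rebuilt by the server are the same
    # bytes, so a discovered copy points at U whichever party released it.
    return server.identify(sold), sold == rebuilt, extract(sold) == (1, user_id)


if __name__ == "__main__":
    print(demo())
```
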
A system (FIG. 3) for neutralizing an accusation that a crime has been committed by a user who has officially concluded a contract is proposed in "Electronic watermarking while taking server's illegal activity into account", Miura, Watanabe and Kasa (Nara Sentan University), SCIS97-31C (hereinafter referred to as reference 2). This system is implemented by dividing the server into an original image server and an embedding server. According to this system, the embedded electronic watermark is not destroyed during encryption and decryption.
The operating procedures for the system in FIG. 3 will now be described.
1) First, to obtain desired image data a user issues a request bearing his or her signature d5 to an original image server.
2) The original image server employs the user's signature d5 to verify the contents of the request, and subsequently encrypts the requested image data g and transmits the encrypted data to an embedding server.
At this time, the original image server transmits to the embedding server a user name u accompanied by a signature for consignment contents d6. At the same time, the original image server also transmits to the user a decryption function f′ that is related to the encryption.
3) The embedding server verifies the received encrypted image data g′ and the signature (u+d6), employs the user name u and the consignment contents d6 to prepare and embed user information d7 for specifically identifying a user, and thereby creates encrypted data having an included electronic watermark (g′+d7). Then, the embedding server transmits to the user the encrypted image data (g′+d7) that includes the electronic watermark.
4) The user employs the decryption function f′, which was received from the original image server, to decrypt the encrypted image data that includes an electronic watermark, (g′+d7), and to obtain the image data provided with the electronic watermark, (g+d7).
When an illegal copy is found later, the original image server encrypts the illegal image data, and extracts the embedded information and transmits it to the embedding server. The embedding server specifically identifies a user from the embedded information.
This system is based on the premise that, since the original image server does not embed in the image data g the user information d7 specifically identifying a user, and since the embedding server does not know the decryption function f (can not retrieve the original image), the individual servers can not illegally distribute to officially contracted servers image data in which is embedded the user information d7.
However, neither the collusion of the original image server with the embedding server, nor the collusion of the embedding server with a user is taken into account in the system in FIG. 3. Since the embedding server holds the encrypted image data g′ for the image data g, which are the original image data, and the user holds the decryption function f′, when the original image server is in collusion with the embedding server, the servers, as in the system in FIG. 2, can perform an illegal activity. And when the embedding server is in collusion with the user, the original image can be illegally obtained.
The original image server transmits the decryption function f′ to the user; however, if the user does not provide adequate management control for the decryption function f′, the carelessness of the user will result in the embedding server obtaining knowledge of the decryption function f′, even though the embedding server is not in collusion with the user.
Furthermore, in the system in FIG. 3 the original image server does not include embedding information, nor can it correctly perform embedding. However, since the embedded information is extracted by the original image server, the original image server could correctly perform the embedding by analyzing the embedded information.
Since the embedding server does not embed its own signature, the embedded information and the corresponding user information are the only embedding server secrets. However, the correspondence between the embedded information and the user information is not a random correspondence involving the use of a database, and if the embedded information is prepared from the user information according to specific rules, there is a good probability that analysis of the embedded information will be possible.
In this case, as in the system in FIG. 2, the performance of an illegal activity is possible.
Further, for the above described secret communication for which a signature is provided, a blind decryption method having the following features is employed for the aforementioned decryption.
In the following explanation, digital data, such as image data, are encrypted by A (assumed to be a server) using the public key encryption method, and the encrypted data G is obtained by B (assumed to be a user).
A person who legally distributes digital data, such as image data, is called a server.
1) The contents of the data G are kept secret from third parties, persons other than the server and the user.
2) The user obtains the data G, while disabling the ability of the server to forge or alter the data G in the protocol.
3) The user decrypts the encrypted data G without notifying the server, and thus protects the privacy of the transaction.
Blind decryption is used in order that, when a large amount of data encrypted by a server are stored on a CD-ROM, etc., and are delivered to a user, the user can obtain desired data without the server being aware of which data included on the CD-ROM have been decrypted. As a result, the privacy of the user, such as information concerning which data the user purchased, can be protected.
The following blind decryption procedures are performed when the user pays the server a price for data that are purchased. The trading of data, such as software programs, can be implemented across a network or electronically, so as to initiate electronic commerce.
A description of the blind procedures follows.
The encryption systems of the server and of the user are denoted respectively by E1 ( ) and E2 ( ), and the decryption systems of the server and the user are denoted respectively by D1 ( ) and D2 ( ). Assume forthwith that for blind decryption the following equation is established by the encryption systems of the server and the user:
E1(E2(G))=E2(E1(G)).
1) The user employs the encryption key (public key) of the server to encrypt data G, and obtains the encrypted message Cs.
The encrypted message Cs is represented by
Cs=E1(G).
2) The user encrypts the message Cs obtained at 1) using the user's encryption key (public key), and transmits the encrypted message Csu to the server.
The encrypted message Csu is represented by
Csu=E2(Cs).
3) The server employs the server's decryption key (secret key) to decrypt the message Csu received from the user, and transmits the decrypted message Cu to the user.
The decrypted message Cu is represented by
Cu=D1(Csu)=D1(E2(E1(G)))=E2(G).
4) The user employs the user's decryption key (secret key) to decrypt the message Cu received from the server, and obtains data G.
The data G is represented by
G=D2(E2(G)).
When the RSA encryption system is employed for blind decryption, generally, assuming that respectively the public keys of the server and the user are e1 and e2 and their secret keys are d1 and d2, blind decryption is performed as follows.
The mod operation is not shown.
1) The user encrypts the data G using the public key e1 of the server, and obtains the encrypted message Cs.
The message Cs is represented by
Cs=G^{e1}.
2) The user employs the user's public key e2 to encrypt the message Cs (=G^{e1}) obtained at 1), and transmits the encrypted message Csu to the server.
The message Csu is represented by
Csu=(G^{e1})^{e2}.
3) The server employs the server's public key e1 to decrypt the encrypted message Csu (=(G^{e1})^{e2}) received from the user, and transmits the decrypted message Cu to the user.
The decrypted message Cu is represented by
Cu=G^{e2}.
4) The user employs the user's public key e2 to decrypt the message Cu (=G^{e2}) received from the server, and obtains the original data G (the final data for the user).
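The four RSA blind-decryption steps with both sides' messages, as an added Python example that is not part of the original document. Assumptions: server and user work modulo one shared n (what makes E1(E2(G))=E2(E1(G)) hold, with the omitted mod operation written out), the decryptions in steps 3) and 4) use the secret keys d1 and d2 as in the general procedure, the encrypted items are read from a server-prepared medium as in the CD-ROM case, and the primes, exponents, item values and names are constructed.

```python
# Added illustration: textbook RSA with toy parameters and no padding.
P, Q = 104729, 1299709          # constructed toy primes
N = P * Q                       # one modulus for both parties (assumption)
PHI = (P - 1) * (Q - 1)
E1 = 65537                      # server public key e1
D1 = pow(E1, -1, PHI)           # server secret key d1
E2 = 257                        # user public key e2
D2 = pow(E2, -1, PHI)           # user secret key d2
ITEM_LEN = 4                    # bytes per catalogue item, small enough to fit under N


def to_int(data):
    if len(data) != ITEM_LEN:
        raise ValueError("items are fixed-length in this example")
    return int.from_bytes(data, "big")


def to_bytes(value):
    return value.to_bytes(ITEM_LEN, "big")


def commutes(g):
    """Check E1(E2(G)) = E2(E1(G)) for one value G."""
    return pow(pow(g, E2, N), E1, N) == pow(pow(g, E1, N), E2, N)


class Server:
    def __init__(self, items):
        # Distributed medium: every item already encrypted, Cs = G^e1 mod n.
        self.catalogue = [pow(to_int(g), E1, N) for g in items]
        self.seen = []          # every value the server observes during sales

    def decrypt(self, csu):
        # Step 3: Cu = Csu^d1 = G^e2 mod n. The server sees Csu and Cu only,
        # never Cs, G or the position of the item on the medium.
        cu = pow(csu, D1, N)
        self.seen += [csu, cu]
        return cu


class User:
    def request(self, cs):
        # Step 2: Csu = Cs^e2 = (G^e1)^e2 mod n, sent to the server.
        return pow(cs, E2, N)

    def finish(self, cu):
        # Step 4: G = Cu^d2 mod n.
        return to_bytes(pow(cu, D2, N))


def buy(server, user, index):
    cs = server.catalogue[index]     # read locally from the medium
    csu = user.request(cs)
    cu = server.decrypt(csu)
    return user.finish(cu)


def demo():
    items = [b"IMG1", b"IMG2", b"IMG3"]      # constructed sample data
    server, user = Server(items), User()
    return [buy(server, user, i) for i in range(len(items))], server.seen


if __name__ == "__main__":
    print(demo())
```
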
Even when the above public key encryption system is employed, however, the user who purchased digital data, such as image data, could obtain a benefit by making a copy of the data and illegally distributing the copy.
Therefore, a method exists that is called "electronic watermarking". According to the "electronic watermarking" method, a specific operation is performed for original digital data, such as image data, to embed in the digital data copyright information concerning the digital data, and user information (an electronic watermark embedding process), so that when an illegal copy is found, the person who distributed the copy can be specifically identified.
The employment of both the electronic watermarking technique and the public key encryption system can protect the privacy of a user, and can also prevent the illegal distribution of data by a user.
The conventional blind decryption technique, which is a system for decrypting data that are encrypted using the above described public key encryption system, is effective as protocol for transmitting original digital data (the data G) from a server to a user, with the privacy of the user being protected. However, the conventional blind decryption technique is not appropriate as a protocol for implementing the following features.
1) The contents of the data G are kept secret from third parties, persons other than the server and the user.
2) The server performs a modification, such as an electronic watermarking process, in accordance with the protocol, and does not transmit the data G to the user unchanged.
3) The protocol according to which a partner can not be accused of a crime is employed to prevent the illegal distribution of data by a server and a user.
To resolve the above problems, it is one objective of the present invention to provide an electronic watermarking method whereby the above described illegal activities and the illegal distribution of the original data by a server and a user can be prevented, and to provide an electronic information distribution system therefor.
To achieve the above objective, according to one aspect of the present invention, an electronic watermarking method comprises a step of at least performing either an encryption process or a decryption process for data in which electronic watermark information is embedded.
According to another aspect of the present invention, an electronic watermark method comprises a step of embedding specific electronic watermark information in which different electronic watermark information has been embedded and that has already been encrypted.
The data in which different electronic watermark information is to be embedded may be data that are encrypted in which specific electronic watermark information has been embedded.
Different electronic watermark information may be embedded in the data after the data have been encrypted using a different encryption method.
According to another aspect of the present invention, different information is embedded as electronic watermark information in common data before and after encryption is performed for the common data.
According to another aspect of the present invention, provided is an electronic watermark method, used for a network, that includes a plurality of entities whereof provided separately are an entity for embedding an electronic watermark in encrypted data that are exchanged by the plurality of entities, and an entity for performing an encryption process and a corresponding decryption process.
With the above arrangement, the encrypted data may be image data.
According to another aspect of the present invention, an electronic information distribution system, which exchanges digital information across a network system constituted by a plurality of entities, comprises a first entity for embedding electronic information for the digital data, and a second entity for performing an encryption process and a corresponding decryption process for the digital data.
According to another aspect of the present invention, provided is an electronic information distribution system wherein, for the exchange of digital information between a first entity and a second entity in a network that includes a plurality of entities, the first entity receives encrypted information from the second entity, embeds electronic watermark information in the encrypted information and transmits the resultant information to the second entity, and the second entity performs a corresponding decryption process for the encrypted information received from the first entity.
According to another aspect of the present invention, provided is an electronic information distribution system wherein, for the exchange of digital information by a first entity and a second entity across a network system constituted by a plurality of entities, the first entity embeds electronic watermark information in information and performs a first encryption process for the information, and transmits the resultant information to the second entity; wherein the second entity performs a second encryption process for the information received from the first entity and transmits the resultant information to the first entity; wherein the first entity performs a first decryption process, corresponding to the first encryption process, for the information received from the second entity, and embeds electronic watermark information in the resultant information and transmits the obtained information to the second entity; and wherein the second entity performs a second decryption process, corresponding to the second encryption process, for the information received from the first entity.
The electronic watermark information embedded by the first entity may at the least include either information concerning the second entity or information concerning digital data to be transmitted.
Preferably, the first entity examines a signature of the second entity by using an anonymous public key having a certificate that is issued by an authentication center.
According to another aspect of the present invention, provided is an image file apparatus, which stores, as image data, image information obtained by decrypting image information for which encryption has been performed, and electronic watermark information that is added to the image information while it is encrypted and that is decrypted using the image information.
Key information concerning the encryption may be stored separately from the image data.
According to another aspect of the present invention, an entity for performing an encryption process and an electronic watermark embedding process embeds an electronic watermark for information at least either before or after the information is encrypted.
In this aspect of the present invention, the entity is an entity for receiving information.
In this aspect of the present invention, the entity transmits, to an information provision entity, information that is encrypted in which an electronic watermark has been embedded.
In this aspect of the present invention, the entity further transmits, to the information provision entity, a value that is obtained by transforming, using a one-way compression function, the information that is encrypted in which an electronic watermark has been embedded.
In this aspect of the present invention, the entity receives information that primarily is encrypted in advance, and performs a secondary encryption process and an electronic watermark embedding process for the encrypted information.
According to another aspect of the present invention, an entity for receiving information embeds an electronic watermark in the information.
In this aspect of the present invention, the entity transmits to an information provision entity the information in which the electronic watermark has been embedded.
In this aspect of the present invention, the information provision entity embeds in the information an electronic mark that differs from the electronic watermark.
In this aspect of the present invention, the information is image information.
According to another aspect of the present invention, a one-way compression function is employed to examine the legality of at the least either an encryption process or an electronic watermark embedding process.
According to another aspect of the present invention, provided is an electronic watermark method used for a network system that includes a plurality of entities, whereby, for the exchange of digital data by a first entity and a second entity at the least of the plurality of entities, the first entity embeds an electronic watermark in the digital information before or after performing a first encryption process and transmits the resultant digital information to the second entity, and the second entity embeds an electronic watermark in the digital information received from the first entity before or after a second encryption process.
According to another aspect of the present invention, provided is an electronic watermark method used for a network system that includes a plurality of entities, whereby, for the exchange of digital data by at least a first entity and a second entity of the plurality of entities, before a first encryption the first entity performs an electronic watermark embedding process for the digital information and transmits the resultant digital information to the second entity; whereby, before a second encryption the second entity, without decrypting the digital information, performs an electronic watermark embedding process for the digital information received from the first entity; whereby the first entity performs a decryption process, corresponding to the first encryption, for the digital information received from the second entity and transmits the decrypted digital information to the second entity; and whereby the second entity performs a decryption process, corresponding to the second encryption, for the digital information received from the first entity.
In this aspect of the present invention, before performing the electronic watermark embedding process, the first entity uses an anonymous public key having a certificate that is issued by an authentication center to examine a signature included with the second entity.
In this aspect of the present invention, the electronic watermark embedding process performed by the first entity is a process for embedding information concerning the second entity.
In this aspect of the present invention, the electronic watermark embedding process performed by the first entity is a process for embedding information concerning digital information to be transmitted.
In this aspect of the present invention, the electronic watermark embedding process performed by the second entity is a process for embedding information that only the second entity is capable of creating.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges information across a network, wherein at least one of the plurality of entities includes encryption means and electronic watermark embedding means, and wherein the electronic watermark embedding means performs an electronic watermark embedding process for information at least before or after the encryption means encrypts the information.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges information across a network, wherein one entity of the plurality of entities, which receives information, includes electronic watermark embedding means for performing an electronic watermark embedding process for received information.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges information across a network, wherein one of the plurality of entities includes encryption means and electronic watermark embedding means, and another entity includes means for employing a one-way compression function to examine the legality of at least either an encryption process performed by the encryption means or an electronic watermark embedding process performed by the electronic watermark embedding means.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges information across a network, wherein the plurality of entities includes a first entity having first encryption means and first electronic watermark embedding means, and a second entity having second encryption means and second electronic watermark embedding means; wherein the first electronic watermark embedding means performs an electronic watermark embedding process for digital information at least before or after the first encryption means encrypts the information; and wherein the second electronic watermark embedding means performs an electronic watermark embedding process for the information received from the first entity at least before or after the second encryption means encrypts the digital information.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges information across a network, wherein the plurality of entities includes at least first and second entities for exchanging digital information; wherein the first entity includes first encryption means, first electronic watermark embedding means for performing an electronic watermark embedding process for digital information before encryption is performed by the first encryption means, and first decryption means for performing decryption, corresponding to the encryption performed by the first encryption means, of digital information received from the second entity; and wherein the second entity includes second encryption means, second electronic watermark embedding means for, before encryption is performed by the second encryption means, performing an electronic watermark embedding process without decrypting the digital information received from the first entity, and second decryption means for performing decryption, corresponding to the encryption performed by the second encryption means, of the digital information received from the first entity.
In this aspect of the present invention, before performing the electronic watermark embedding process, the first entity uses an anonymous public key having a certificate that is issued by an authentication center to examine a signature of the second entity.
In this aspect of the present invention, the first electronic watermark embedding process is a process for embedding information concerning the second entity.
In this aspect of the present invention, the first electronic watermark embedding means embeds information concerning digital information to be transmitted.
In this aspect of the present invention, the second electronic watermark embedding means embeds information that only the second entity is capable of creating.
According to another aspect of the present invention, provided is an image file apparatus for storing image information with electronic watermark information and information for examining the legality of the electronic watermark information.
In this aspect of the present invention, information for examining the legality constitutes a one-way compression function.
In this aspect of the present invention, the electronic watermark information is information that is encrypted with the image information, and that is decrypted with the image information.
In this aspect of the present invention, the one-way compression function is used to transform the encrypted image information and the electronic watermark information.
According to another aspect of the present invention, an electronic watermark system for embedding electronic watermark information comprises:
means, or an entity, for examining the legality of at least either an encryption process or an electronic watermark embedding process; and
means, or an entity, provided separately from said examining means or unit, for performing the encryption process and the electronic watermark embedding process.
The means for examining the legality may be provided for a third entity, which is provided separately from a first entity that includes means for performing the encryption process and the electronic watermark embedding process for information, and a second entity, for receiving from the first entity encrypted information in which an electronic watermark has been embedded.
The first entity may be provided at an information reception side, and may transmit the encrypted information in which the electronic watermark has been embedded to the second entity at an information provision side.
The first entity may employ a one-way compression function to transform the encrypted information in which an electronic watermark has been embedded, and to output the obtained value together with the encrypted information in which the electronic watermark has been embedded.
The first entity may transmit to the third entity a value obtained by transformation using the one-way compression function.
The third entity may be capable of performing a decryption process corresponding to the encryption process.
The first entity may receive primarily encrypted information in advance, and may perform a secondary encryption process and an electronic watermark embedding process for the primarily encrypted information.
According to another aspect of the present invention, provided is an electronic watermark system for embedding an electronic watermark, wherein an entity for managing an encryption key includes means for examining the legality of electronic watermark information.
In order to examine the legality of the electronic watermark and the encryption process, the entity may decrypt encrypted information in which an electronic watermark has been embedded and that is output by a different entity.
In addition, in order to examine the legality of the electronic watermark and the encryption process, the entity may compare a value that is obtained by using a one-way compression function to transform the encrypted information in which the electronic watermark is embedded and that is output by the different entity with a value that is output by the different entity.
According to another aspect of the present invention, an electronic information distribution system, for exchanging digital information across a network constituted by a plurality of entities, comprises an entity for performing at least an encryption process and an electronic watermark embedding process for the digital information, and an entity for examining the legality of at least either the encryption process or the electronic watermark embedding process.
The entity for examining the legality may be an entity for managing an encryption key.
According to another aspect of the present invention, for the exchange of digital information by a first entity and a second entity in a network constituted by a plurality of entities, the first entity embeds electronic watermark information in the digital information at least either before or after a first encryption process, and transmits the obtained digital information to the second entity. The second entity embeds electronic watermark information in the digital information received from the first entity at least either before or after a second encryption process, and transmits the obtained digital information to a third entity. The third entity examines the legality of the electronic watermark information that has been embedded, and notifies the first entity of the result of the examination.
According to another aspect of the present invention, for the exchange of digital information by a first entity and a second entity in a network constituted by a plurality of entities, the first entity embeds electronic watermark information in the digital information before a first encryption process, and transmits the obtained information to the second entity. Before a second encryption process, the second entity embeds electronic watermark information in the information received from the first entity, and transmits the obtained information to a third entity. The third entity examines the legality of the electronic watermark information that is embedded, and transmits the result and the information received from the second entity to the first entity. The first entity performs a decryption process, corresponding to the first encryption process, for the information received from the second entity, and transmits to the second entity the thus obtained first decrypted information. Thereafter, the second entity performs a second decryption process, corresponding to the second encryption process, for the first decrypted information received from the first entity.
The electronic watermark information embedded by the first entity may include information concerning the second entity.
The electronic watermark information embedded by the first entity may include information concerning digital information to be transmitted.
The electronic watermark information embedded by the second entity may be information that only the second entity is capable of creating.
In this aspect of the present invention, before embedding the electronic watermark, the first entity examines a signature of the second entity by using an anonymous public key having a certificate that is issued by an authentication center.
According to another aspect of the present invention, provided is an image file apparatus for storing, in addition to image information to which electronic watermark information has been added, key information for encrypting the image information, and a one-way compression function for transforming the image information.
The electronic watermark information may be information that is encrypted together with the image information and is decrypted together with the image information.
According to another aspect of the present invention, a cryptography method comprises the steps of:
calculating second data using first data encrypted by a public key encryption method; and
decrypting third data that is obtained by said calculation step, in order to accomplish the decryption of the first data and the signing of the second data.
In this aspect of the present invention, the first data are encrypted image data, and image data in which an electronic watermark has been embedded are obtained by decrypting the third data.
In this aspect of the present invention, the first data are data obtained by the secondary encryption, using the public key encryption method, of primary encrypted information.
According to another aspect of the present invention, provided is a cryptography method used for a network that includes a plurality of entities, whereby for the exchange of digital information, at least by a first entity and a second entity of the plurality of entities, the first entity calculates second data using first data, which is encrypted using a public key belonging to the second entity, and transmits the third data that is obtained to the second entity; and whereby the second entity employs a self-owned secret key to decrypt the third data received from the first entity, and implements the decryption of the first data and the signing of the second data.
According to another aspect of the present invention, provided is a cryptography method for a network that includes a plurality of entities, whereby for the exchange of digital information, at least between a first entity and a second entity of the plurality of entities, the second entity employs a self-owned public key for encrypting the first data that have been encrypted using a public key belonging to the first entity, and transmits the resultant first data to the first entity; the first entity employs a self-owned secret key to decrypt the first data received from the second entity, performs calculations with second data using the decrypted first data to obtain third data, and transmits the third data to the second entity; and the second entity employs a self-owned secret key to decrypt the third data received from the first entity, and implements the decryption of the first data and the signing of the second data.
In this aspect of the present invention, the first entity provides information, and the second entity receives information.
In this aspect of the present invention, cryptography is performed using a public key method for which RSA cryptography is employed.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges digital information across a network, wherein the plurality of entities includes at least a first and a second entity for exchanging digital information; wherein the first entity includes calculation means for performing calculations with second data using the first data that are encrypted by employing a public key belonging to the second entity, and for obtaining third data; and wherein the second entity includes decryption means for using a self-owned secret key to decrypt the third data received from the first entity.
According to another aspect of the present invention, provided is an electronic information distribution system, which includes a plurality of entities and exchanges digital information across a network, wherein the plurality of entities includes at least a first and a second entity for exchanging digital information; wherein the first entity includes first encryption means for encrypting first data using a self-owned public key, first decryption means for using a self-owned secret key to decrypt first data received from the second entity, and calculation means that, to obtain third data, performs calculations with second data using the first data decrypted by the first decryption means; and wherein the second entity includes second encryption means for using a self-owned public key to encrypt the first data that are encrypted by the first encryption means of the first entity, and second decryption means for using a self-owned secret key to decrypt the third data received from the first entity.
In this aspect of the present invention, a public key cryptography method using RSA cryptography is employed.
In this aspect of the present invention, the first entity supplies information and the second entity receives information.
In this aspect of the present invention, the first data are image data and the second data are electronic watermark information.
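The cryptography method above, in which one decryption both recovers the first data and signs the second data, can be illustrated with unpadded RSA, whose ciphertexts can be multiplied. This is an added example, not code from the patent; it assumes that the "calculation" is multiplication modulo n, and the function names, toy primes, and the image and watermark values are constructed for illustration.

```python
"""Textbook RSA (no padding) on toy numbers; every value below is constructed."""
from math import gcd


def keygen(p, q, e):
    """Return (public, secret) RSA keys for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))


def rsa(key, value):
    """Raw RSA operation: encrypts with a public key, decrypts with a secret key."""
    n, exponent = key
    return pow(value, exponent, n)


def calculate_third_data(public, first_data, second_data):
    """First entity: combine the ciphertext with the second data without decrypting.
    Assumption: the calculation is multiplication modulo n."""
    n, _ = public
    return (first_data * second_data) % n


def run_exchange():
    # Key pair of the second entity (the receiver); toy primes, far too small for real use.
    public, secret = keygen(1009, 1013, 65537)
    n, e = public
    image = 4242      # constructed stand-in for one block of image data
    watermark = 777   # constructed stand-in for electronic watermark information

    first_data = rsa(public, image)  # image encrypted under the receiver's public key
    third_data = calculate_third_data(public, first_data, watermark)
    plain = rsa(secret, third_data)  # the receiver's single decryption

    # (image^e * watermark)^d = image * watermark^d (mod n):
    # the image is decrypted and the watermark is signed in the same step.
    signature = (plain * pow(image, -1, n)) % n
    return {"n": n, "e": e, "image": image, "watermark": watermark,
            "plain": plain, "signature": signature,
            "expected_signature": rsa(secret, watermark)}


if __name__ == "__main__":
    r = run_exchange()
    print("decrypted third data:", r["plain"])
    print("signature verifies:", pow(r["signature"], r["e"], r["n"]) == r["watermark"])
```

The receiver ends up holding the image multiplied by a value that only its own secret key could have produced, and anyone with the public key can check that value against the watermark.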